Headers

  • Revision slug: HTTP/Headers
  • Revision title: Headers
  • Revision id: 82609
  • Created:
  • Creator: Tgr
  • Is current revision? No
  • Comment +ja; 18 words added

Revision Content

HTTP message headers are used to precisely describe the resource being fetched or the behavior of the server or the client. Custom proprietary headers can be added using the 'X-' prefix; others are listed in an IANA registry, whose original content was defined in RFC 4229. IANA also maintain a registry of proposed new HTTP message headers.

The following list summaries the headers and their usage:

Header Description More information Standard
Accept lists the MIME types expected by the user agent HTTP Content Negotiation HTTP/1.1
Accept-Charset lists the character sets supported by the user agent HTTP Content Negotiation HTTP/1.1
Accept-Features   HTTP Content Negotiation RFC 2295, §8.2
Accept-Encoding lists the compression methods supported by the user agent HTTP Content Negotiation HTTP/1.1
Accept-Language lists the languages the user agent expect the page in HTTP Content Negotiation HTTP/1.1
Accept-Ranges      
Access-Control-Allow-Credentials   HTTP Access Control and Server Side Access Control{{ gecko_minversion_inline("1.9.1") }} W3C Cross-Origin Resource Sharing
Access-Control-Allow-Origin   HTTP Access Control and Server Side Access Control{{ gecko_minversion_inline("1.9.1") }} W3C Cross-Origin Resource Sharing
Access-Control-Allow-Methods   HTTP Access Control and Server Side Access Control{{ gecko_minversion_inline("1.9.1") }} W3C Cross-Origin Resource Sharing
Access-Control-Allow-Headers   HTTP Access Control and Server Side Access Control{{ gecko_minversion_inline("1.9.1") }} W3C Cross-Origin Resource Sharing
Access-Control-Max-Age   HTTP Access Control and Server Side Access Control{{ gecko_minversion_inline("1.9.1") }} W3C Cross-Origin Resource Sharing
Access-Control-Expose-Headers   HTTP Access Control and Server Side Access Control{{ gecko_minversion_inline("2") }} W3C Cross-Origin Resource Sharing
Access-Control-Request-Method   HTTP Access Control and Server Side Access Control{{ gecko_minversion_inline("1.9.1") }} W3C Cross-Origin Resource Sharing
Access-Control-Request-Headers   HTTP Access Control and Server Side Access Control{{ gecko_minversion_inline("1.9.1") }} W3C Cross-Origin Resource Sharing
Age      
Allow      
Alternates   HTTP Content Negotiation RFC 2295, §8.3
Authorization      
Cache-Control   HTTP Caching FAQ  
Connection      
Content-Encoding      
Content-Language      
Content-Length      
Content-Location      
Content-MD5   {{ unimplemented_inline("232030") }}  
Content-Range      
Content-Type defines the MIME Type of the served document    
Cookie     RFC 2109
DNT with a value of 1, indicates that the user explicitly opt-out for any kind of tracking. Supported by Firefox 4, Firefox 5 for mobile, IE9 and a few major companies. Bug 628197
Date      
ETag   HTTP Caching FAQ  
Expect      
Expires   HTTP Caching FAQ  
From      
Host      
If-Match      
If-Modified-Since   HTTP Caching FAQ  
If-None-Match   HTTP Caching FAQ  
If-Range      
If-Unmodified-Since      
Last-Event-ID gives the id of the last events received by the server on a previous HTTP connection. Used to synchronize a stream of text/event-stream. Server-Sent Events Server-Sent Events spec
Last-Modified   HTTP Caching FAQ  
Link equivalent to the HTML {{ HTMLElement("link") }} element, but on the HTTP layer, gives an URL related to the fetched resource, and the kind of relation.

For the rel=prefetch case, see Link Prefetching FAQ

Introduced in HTTP 1.1's RFC 2068, section 19.6.2.4, it was removed in the final HTTP 1.1 spec, then reintroduced, with some extensions, in RFC 5988

Location      
Max-Forwards      
Negotiate   HTTP Content Negotiation RFC 2295, §8.4
Origin   HTTP Access Control and Server Side Access Control{{ gecko_minversion_inline("1.9.1") }} W3C Cross-Origin Resource Sharing
Pragma   for the pragma: nocache value see HTTP Caching FAQ  
Proxy-Authenticate      
Proxy-Authorization      
Range      
Referer (note that the orthographical error introduced in HTTP/0.9 spec had to be conserved in subsequent version of the protocol)    
Retry-After      
Sec-Websocket-Extensions      Websockets
Sec-Websocket-Key      Websockets
Sec-Websocket-Origin      Websockets
Sec-Websocket-Protocol      Websockets
Sec-Websocket-Version      Websockets
Server      
Set-Cookie     RFC 2109
Set-Cookie2     RFC 2965
Strict-Transport-Security   HTTP Strict Transport Security IETF reference
TCN   HTTP Content Negotiation RFC 2295, §8.5
TE      
Trailer lists the headers that will be transmitted after the message body, in a trailer block. This allows servers to compute some values, like Content-MD5: while transmitting the data. Note that the Trailer: header must not list the Content-Length:, Trailer: or Transfer-Encoding: headers.   RFC 2616, §14.40
Transfer-Encoding      
Upgrade      
User-Agent   for Gecko's user agents see the User Agents Reference  
Variant-Vary   HTTP Content Negotiation RFC 2295, §8.6
Vary lists the headers used as criteria for choosing a specific content by the web server. This server is important for efficient and correct caching of the resource sent. HTTP Content Negotiation & HTTP Caching FAQ  
Via      
Warning      
WWW-Authenticate      
X-Content-Duration   Configuring servers for Ogg media  
X-Content-Security-Policy   Using Content Security Policy  
X-DNSPrefetch-Control   Controlling DNS prefetching  
X-Frame-Options   The XFrame-Option Response Header  
X-Requested-With Often used with the value "XMLHttpRequest" when it is the case   Not standard

Notes

{{ gecko_callout_heading("5.0") }}

The Keep-Alive request header is not sent by Gecko 5.0 {{ geckoRelease("5.0") }}; previous versions did send it but it was not formatted correctly, so the decision was made to remove it for the time being. The {{ httpheader("Connection") }} or {{ httpheader("Proxy-Connection") }} header is still sent, however, with the value "keep-alive".

See also

Wikipedia page on List of HTTP headers

{{ languages( { "ja": "ja/HTTP/Headers"} ) }}

Revision Source

<p>HTTP message headers are used to precisely describe the resource being fetched or the behavior of the server or the client. Custom proprietary headers can be added using the 'X-' prefix; others are listed in an <a class="external" href="http://www.iana.org/assignments/message-headers/perm-headers.html" title="http://www.iana.org/assignments/message-headers/perm-headers.html">IANA registry</a>, whose original content was defined in <a class="external" href="http://tools.ietf.org/html/rfc4229" title="http://tools.ietf.org/html/rfc4229">RFC 4229</a>. IANA also maintain a <a class="external" href="http://www.iana.org/assignments/message-headers/prov-headers.html" title="http://www.iana.org/assignments/message-headers/prov-headers.html">registry of proposed new HTTP message headers</a>.</p>
<p>The following list summaries the headers and their usage:</p>
<table class="standard-table" style="width: 100%;"> <tbody> <tr> <th>Header</th> <th>Description</th> <th>More information</th> <th>Standard</th> </tr> <tr> <td><code><a href="/en/HTTP/Content_negotiation#The_Accept.3a_header" title="https://developer.mozilla.org/en/HTTP/Content_negotiation#The_Accept.3a_header">Accept</a></code></td> <td>lists the MIME types expected by the user agent</td> <td><a href="/en/HTTP/Content_negotiation" title="en/HTTP/Content negotiation">HTTP Content Negotiation</a></td> <td>HTTP/1.1</td> </tr> <tr> <td><code><a href="/en/HTTP/Content_negotiation#The_Accept-Charset.3a_header" title="https://developer.mozilla.org/en/HTTP/Content_negotiation#The_Accept-Charset.3a_header">Accept-Charset</a></code></td> <td>lists the character sets supported by the user agent</td> <td><a href="/en/HTTP/Content_negotiation" title="en/HTTP/Content negotiation">HTTP Content Negotiation</a></td> <td>HTTP/1.1</td> </tr> <tr> <td><code>Accept-Features</code></td> <td> </td> <td><a href="/en/HTTP/Content_negotiation" title="en/HTTP/Content negotiation">HTTP Content Negotiation</a></td> <td>RFC 2295, §8.2</td> </tr> <tr> <td><code><a href="/en/HTTP/Content_negotiation#The_Accept-Encoding.3a_header" title="https://developer.mozilla.org/en/HTTP/Content_negotiation#The_Accept-Encoding.3a_header">Accept-Encoding</a></code></td> <td>lists the compression methods supported by the user agent</td> <td><a href="/en/HTTP/Content_negotiation" title="en/HTTP/Content negotiation">HTTP Content Negotiation</a></td> <td>HTTP/1.1</td> </tr> <tr> <td><code><a href="/en/HTTP/Content_negotiation#The_Accept-Language.3a_header" title="https://developer.mozilla.org/en/HTTP/Content_negotiation#The_Accept-Language.3a_header">Accept-Language</a></code></td> <td>lists the languages the user agent expect the page in</td> <td><a href="/en/HTTP/Content_negotiation" title="https://developer.mozilla.org/en/Content_negotiation">HTTP Content Negotiation</a></td> <td>HTTP/1.1</td> </tr> <tr> <td><code><a href="/en/HTTP/Headers/Accept-Ranges" title="en/Accept-Ranges">Accept-Ranges</a></code></td> <td> </td> <td> </td> <td> </td> </tr> <tr> <td><code><a href="/En/HTTP_access_control#Access-Control-Allow-Credentials" title="https://developer.mozilla.org/En/HTTP_access_control#Access-Control-Allow-Credentials">Access-Control-Allow-Credentials</a></code></td> <td> </td> <td><a href="/En/HTTP_access_control" title="En/HTTP access control">HTTP Access Control</a> and <a href="/En/Server-Side_Access_Control" title="En/Server-Side Access Control">Server Side Access Control</a>{{ gecko_minversion_inline("1.9.1") }}</td> <td><a class="external" href="http://www.w3.org/TR/cors/" title="http://www.w3.org/TR/cors/">W3C Cross-Origin Resource Sharing</a></td> </tr> <tr> <td><code><a href="/En/HTTP_access_control#Access-Control-Allow-Origin" title="https://developer.mozilla.org/En/HTTP_access_control#Access-Control-Allow-Origin">Access-Control-Allow-Origin</a></code></td> <td> </td> <td><a href="/En/HTTP_access_control" title="En/HTTP access control">HTTP Access Control</a> and <a href="/En/Server-Side_Access_Control" title="En/Server-Side Access Control">Server Side Access Control</a>{{ gecko_minversion_inline("1.9.1") }}</td> <td><a class="external" href="http://www.w3.org/TR/cors/" title="http://www.w3.org/TR/cors/">W3C Cross-Origin Resource Sharing</a></td> </tr> <tr> <td><code><a href="/En/HTTP_access_control#Access-Control-Allow-Methods" title="https://developer.mozilla.org/En/HTTP_access_control#Access-Control-Allow-Methods">Access-Control-Allow-Methods</a></code></td> <td> </td> <td><a href="/En/HTTP_access_control" title="En/HTTP access control">HTTP Access Control</a> and <a href="/En/Server-Side_Access_Control" title="En/Server-Side Access Control">Server Side Access Control</a>{{ gecko_minversion_inline("1.9.1") }}</td> <td><a class="external" href="http://www.w3.org/TR/cors/" title="http://www.w3.org/TR/cors/">W3C Cross-Origin Resource Sharing</a></td> </tr> <tr> <td><code><a href="/En/HTTP_access_control#Access-Control-Allow-Headers" title="https://developer.mozilla.org/En/HTTP_access_control#Access-Control-Allow-Headers">Access-Control-Allow-Headers</a></code></td> <td> </td> <td><a href="/En/HTTP_access_control" title="En/HTTP access control">HTTP Access Control</a> and <a href="/En/Server-Side_Access_Control" title="En/Server-Side Access Control">Server Side Access Control</a>{{ gecko_minversion_inline("1.9.1") }}</td> <td><a class="external" href="http://www.w3.org/TR/cors/" title="http://www.w3.org/TR/cors/">W3C Cross-Origin Resource Sharing</a></td> </tr> <tr> <td><code><a href="/En/HTTP_access_control#Access-Control-Max-Age" title="https://developer.mozilla.org/En/HTTP_access_control#Access-Control-Max-Age">Access-Control-Max-Age</a></code></td> <td> </td> <td><a href="/En/HTTP_access_control" title="En/HTTP access control">HTTP Access Control</a> and <a href="/En/Server-Side_Access_Control" title="En/Server-Side Access Control">Server Side Access Control</a>{{ gecko_minversion_inline("1.9.1") }}</td> <td><a class="external" href="http://www.w3.org/TR/cors/" title="http://www.w3.org/TR/cors/">W3C Cross-Origin Resource Sharing</a></td> </tr> <tr> <td><code><a href="/En/HTTP_access_control#Access-Control-Expose-Header" title="en/HTTP access control#Access-Control-Expose-Header">Access-Control-Expose-Headers</a></code></td> <td> </td> <td><a href="/En/HTTP_access_control" title="En/HTTP access control">HTTP Access Control</a> and <a href="/En/Server-Side_Access_Control" title="En/Server-Side Access Control">Server Side Access Control</a>{{ gecko_minversion_inline("2") }}</td> <td><a class="external" href="http://www.w3.org/TR/cors/" title="http://www.w3.org/TR/cors/">W3C Cross-Origin Resource Sharing</a></td> </tr> <tr> <td><code><a href="/En/HTTP_access_control#Access-Control-Request-Method" title="https://developer.mozilla.org/En/HTTP_access_control#Access-Control-Request-Method">Access-Control-Request-Method</a></code></td> <td> </td> <td><a href="/En/HTTP_access_control" title="En/HTTP access control">HTTP Access Control</a> and <a href="/En/Server-Side_Access_Control" title="En/Server-Side Access Control">Server Side Access Control</a>{{ gecko_minversion_inline("1.9.1") }}</td> <td><a class="external" href="http://www.w3.org/TR/cors/" title="http://www.w3.org/TR/cors/">W3C Cross-Origin Resource Sharing</a></td> </tr> <tr> <td><code><a href="/En/HTTP_access_control#Access-Control-Request-Headers" title="https://developer.mozilla.org/En/HTTP_access_control#Access-Control-Request-Headers">Access-Control-Request-Headers</a></code></td> <td> </td> <td><a href="/En/HTTP_access_control" title="En/HTTP access control">HTTP Access Control</a> and <a href="/En/Server-Side_Access_Control" title="En/Server-Side Access Control">Server Side Access Control</a>{{ gecko_minversion_inline("1.9.1") }}</td> <td><a class="external" href="http://www.w3.org/TR/cors/" title="http://www.w3.org/TR/cors/">W3C Cross-Origin Resource Sharing</a></td> </tr> <tr> <td><code><a href="/en/HTTP/Headers/Age" title="en/Age">Age</a></code></td> <td> </td> <td> </td> <td> </td> </tr> <tr> <td><code><a href="/en/HTTP/Headers/Allow" title="en/Allow">Allow</a></code></td> <td> </td> <td> </td> <td> </td> </tr> <tr> <td><code>Alternates</code></td> <td> </td> <td><a href="/en/HTTP/Content_negotiation" title="en/HTTP/Content negotiation">HTTP Content Negotiation</a></td> <td>RFC 2295, §8.3</td> </tr> <tr> <td><code><a href="/en/HTTP/Headers/Authorization" title="en/Authorization">Authorization</a></code></td> <td> </td> <td> </td> <td> </td> </tr> <tr> <td><code><a href="/en/HTTP/Headers/Cache-Control" title="en/Cache-Control">Cache-Control</a></code></td> <td> </td> <td><a href="/en/HTTP_Caching_FAQ" title="en/HTTP Caching FAQ">HTTP Caching FAQ</a></td> <td> </td> </tr> <tr> <td><code><a href="/en/HTTP/Headers/Connection" title="en/Connection">Connection</a></code></td> <td> </td> <td> </td> <td> </td> </tr> <tr> <td><code><a href="/en/HTTP/Headers/Content-Encoding" title="en/Content-Encoding">Content-Encoding</a></code></td> <td> </td> <td> </td> <td> </td> </tr> <tr> <td><code><a href="/en/HTTP/Headers/Content-Language" title="en/Content-Language">Content-Language</a></code></td> <td> </td> <td> </td> <td> </td> </tr> <tr> <td><code><a href="/en/HTTP/Headers/Content-Length" title="en/Content-Length">Content-Length</a></code></td> <td> </td> <td> </td> <td> </td> </tr> <tr> <td><code><a href="/en/HTTP/Headers/Content-Location" title="en/Content-Location">Content-Location</a></code></td> <td> </td> <td> </td> <td> </td> </tr> <tr> <td><code><a href="/en/HTTP/Headers/Content-MD5" title="en/Content-MD5">Content-MD5</a></code></td> <td> </td> <td>{{ unimplemented_inline("232030") }}</td> <td> </td> </tr> <tr> <td><code><a href="/en/HTTP/Headers/Content-Range" title="en/Content-Range">Content-Range</a></code></td> <td> </td> <td> </td> <td> </td> </tr> <tr> <td><code><a href="/en/HTTP/Headers/Content-Type" title="en/Content-Type">Content-Type</a></code></td> <td>defines the <a href="/en/Properly_Configuring_Server_MIME_Types" title="en/Properly Configuring Server MIME Types">MIME Type </a>of the served document</td> <td> </td> <td> </td> </tr> <tr> <td><code><a href="/en/HTTP/Headers/Cookie" title="en/Cookie">Cookie</a></code></td> <td> </td> <td> </td> <td><a class="external" href="http://www.ietf.org/rfc/rfc2109.txt" title="http://www.ietf.org/rfc/rfc2109.txt">RFC 2109</a></td> </tr> <tr> <td><code>DNT</code></td> <td>with a value of 1, indicates that the user explicitly opt-out for any kind of tracking.</td> <td>Supported by Firefox 4, Firefox 5 for mobile, IE9 and a few major companies.</td> <td><a class="link-https" href="https://bugzilla.mozilla.org/show_bug.cgi?id=628197" title="https://bugzilla.mozilla.org/show_bug.cgi?id=628197">Bug 628197</a></td> </tr> <tr> <td><code><a href="/en/HTTP/Headers/Date" title="en/Date">Date</a></code></td> <td> </td> <td> </td> <td> </td> </tr> <tr> <td><code><a href="/en/HTTP/Headers/ETag" title="en/ETag">ETag</a></code></td> <td> </td> <td><a href="/en/HTTP_Caching_FAQ" title="en/HTTP Caching FAQ">HTTP Caching FAQ</a></td> <td> </td> </tr> <tr> <td><code><a href="/en/HTTP/Headers/Expect" title="en/Expect">Expect</a></code></td> <td> </td> <td> </td> <td> </td> </tr> <tr> <td><code><a href="/en/HTTP/Headers/Expires" title="en/Expires">Expires</a></code></td> <td> </td> <td><a href="/en/HTTP_Caching_FAQ" title="en/HTTP Caching FAQ">HTTP Caching FAQ</a></td> <td> </td> </tr> <tr> <td><code><a href="/en/HTTP/Headers/From" title="en/From">From</a></code></td> <td> </td> <td> </td> <td> </td> </tr> <tr> <td><code><a href="/en/HTTP/Headers/Host" title="en/Host">Host</a></code></td> <td> </td> <td> </td> <td> </td> </tr> <tr> <td><code><a href="/en/HTTP/Headers/If-Match" title="en/If-Match">If-Match</a></code></td> <td> </td> <td> </td> <td> </td> </tr> <tr> <td><code><a href="/en/HTTP/Headers/If-Modified-Since" title="en/If-Modified-Since">If-Modified-Since</a></code></td> <td> </td> <td><a href="/en/HTTP_Caching_FAQ" title="en/HTTP Caching FAQ">HTTP Caching FAQ</a></td> <td> </td> </tr> <tr> <td><code><a href="/en/HTTP/Headers/If-None-Match" title="en/If-None-Match">If-None-Match</a></code></td> <td> </td> <td><a href="/en/HTTP_Caching_FAQ" title="en/HTTP Caching FAQ">HTTP Caching FAQ</a></td> <td> </td> </tr> <tr> <td><code><a href="/en/HTTP/Headers/If-Range" title="en/If-Range">If-Range</a></code></td> <td> </td> <td> </td> <td> </td> </tr> <tr> <td><code><a href="/en/HTTP/Headers/If-Unmodified-Since" title="en/If-Unmodified-Since">If-Unmodified-Since</a></code></td> <td> </td> <td> </td> <td> </td> </tr> <tr> <td><code><a href="/en/HTTP/Headers/Last-Event-ID" title="en/Last-Event-ID">Last-Event-ID</a></code></td> <td>gives the id of the last events received by the server on a previous HTTP connection. Used to synchronize a stream of <code>text/event-stream</code>.</td> <td><a href="/en/Server-sent_events" title="en/Server-Sent Events">Server-Sent Events</a></td> <td><a class="external" href="http://dev.w3.org/html5/eventsource/" title="http://dev.w3.org/html5/eventsource/">Server-Sent Events spec</a></td> </tr> <tr> <td><code><a href="/en/HTTP/Headers/Last-Modified" title="en/Last-Modified">Last-Modified</a></code></td> <td> </td> <td><a href="/en/HTTP_Caching_FAQ" title="en/HTTP Caching FAQ">HTTP Caching FAQ</a></td> <td> </td> </tr> <tr> <td><code><a href="/en/HTTP/Headers/Link" title="en/HTTP/Headers/Link">Link</a></code></td> <td>equivalent to the HTML {{ HTMLElement("link") }} element, but on the HTTP layer, gives an URL related to the fetched resource, and the kind of relation.</td> <td> <p>For the <code>rel=prefetch</code> case, see <a href="/en/Link_prefetching_FAQ" title="en/Link prefetching FAQ">Link Prefetching FAQ</a></p> </td> <td> <p>Introduced in <a class="external" href="http://tools.ietf.org/html/rfc2068#section-19.6.2.4" title="http://tools.ietf.org/html/rfc2068#section-19.6.2.4">HTTP 1.1's RFC 2068, section 19.6.2.4</a>, it was removed in the final <a class="external" href="http://www.w3.org/Protocols/rfc2616/rfc2616.html" title="http://www.w3.org/Protocols/rfc2616/rfc2616.html">HTTP 1.1 spec</a>, then reintroduced, with some extensions, in <a class="external" href="http://greenbytes.de/tech/webdav/rfc5988.html" title="http://greenbytes.de/tech/webdav/rfc5988.html">RFC 5988</a></p> </td> </tr> <tr> <td><code><a href="/en/HTTP/Headers/Location" title="en/Location">Location</a></code></td> <td> </td> <td> </td> <td> </td> </tr> <tr> <td><code><a href="/en/HTTP/Headers/Max-Forwards" title="en/Max-Forwards">Max-Forwards</a></code></td> <td> </td> <td> </td> <td> </td> </tr> <tr> <td><code>Negotiate</code></td> <td> </td> <td><a href="/en/HTTP/Content_negotiation" title="en/HTTP/Content negotiation">HTTP Content Negotiation</a></td> <td>RFC 2295, §8.4</td> </tr> <tr> <td><code><a href="/En/HTTP_access_control#Origin" title="https://developer.mozilla.org/En/HTTP_access_control#Origin">Origin</a></code></td> <td> </td> <td><a href="/En/HTTP_access_control" title="En/HTTP access control">HTTP Access Control</a> and <a href="/En/Server-Side_Access_Control" title="En/Server-Side Access Control">Server Side Access Control</a>{{ gecko_minversion_inline("1.9.1") }}</td> <td><a class="external" href="http://www.w3.org/TR/cors/" title="http://www.w3.org/TR/cors/">W3C Cross-Origin Resource Sharing</a></td> </tr> <tr> <td><code><a href="/en/HTTP/Headers/Pragma" title="en/Pragma">Pragma</a></code></td> <td> </td> <td>for the pragma: nocache value see <a href="/en/HTTP_Caching_FAQ" title="en/HTTP Caching FAQ">HTTP Caching FAQ</a></td> <td> </td> </tr> <tr> <td><code><a href="/en/HTTP/Headers/Proxy-Authenticate" title="en/Proxy-Authenticate">Proxy-Authenticate</a></code></td> <td> </td> <td> </td> <td> </td> </tr> <tr> <td><code><a href="/en/HTTP/Headers/Proxy-Authorization" title="en/Proxy-Authorization">Proxy-Authorization</a></code></td> <td> </td> <td> </td> <td> </td> </tr> <tr> <td><code><a href="/en/HTTP/Headers/Range" title="en/Range">Range</a></code></td> <td> </td> <td> </td> <td> </td> </tr> <tr> <td><code><a href="/en/HTTP/Headers/Referer" title="en/Referer">Referer</a></code></td> <td>(note that the orthographical error introduced in HTTP/0.9 spec had to be conserved in subsequent version of the protocol)</td> <td> </td> <td> </td> </tr> <tr> <td><code><a href="/en/HTTP/Headers/Retry-After" title="en/Retry-After">Retry-After</a></code></td> <td> </td> <td> </td> <td> </td> </tr> <tr> <td><code>Sec-Websocket-Extensions</code></td> <td> </td> <td> </td> <td> <a class="external" href="http://tools.ietf.org/html/draft-ietf-hybi-thewebsocketprotocol-07" title="http://tools.ietf.org/html/draft-ietf-hybi-thewebsocketprotocol-07">Websockets</a></td> </tr> <tr> <td><code>Sec-Websocket-Key</code></td> <td> </td> <td> </td> <td> <a class="external" href="http://tools.ietf.org/html/draft-ietf-hybi-thewebsocketprotocol-07" title="http://tools.ietf.org/html/draft-ietf-hybi-thewebsocketprotocol-07">Websockets</a></td> </tr> <tr> <td><code>Sec-Websocket-Origin</code></td> <td> </td> <td> </td> <td> <a class="external" href="http://tools.ietf.org/html/draft-ietf-hybi-thewebsocketprotocol-07" title="http://tools.ietf.org/html/draft-ietf-hybi-thewebsocketprotocol-07">Websockets</a></td> </tr> <tr> <td><code>Sec-Websocket-Protocol</code></td> <td> </td> <td> </td> <td> <a class="external" href="http://tools.ietf.org/html/draft-ietf-hybi-thewebsocketprotocol-07" title="http://tools.ietf.org/html/draft-ietf-hybi-thewebsocketprotocol-07">Websockets</a></td> </tr> <tr> <td><code>Sec-Websocket-Version</code></td> <td> </td> <td> </td> <td> <a class="external" href="http://tools.ietf.org/html/draft-ietf-hybi-thewebsocketprotocol-07" title="http://tools.ietf.org/html/draft-ietf-hybi-thewebsocketprotocol-07">Websockets</a></td> </tr> <tr> <td><code><a href="/en/HTTP/Headers/Server" title="en/Server">Server</a></code></td> <td> </td> <td> </td> <td> </td> </tr> <tr> <td><code><a href="/en/HTTP/Headers/Set-Cookie" title="en/Set-Cookie">Set-Cookie</a></code></td> <td> </td> <td> </td> <td><a class="external" href="http://www.ietf.org/rfc/rfc2109.txt" title="http://www.ietf.org/rfc/rfc2109.txt">RFC 2109</a></td> </tr> <tr> <td><code><a href="/en/HTTP/Headers/Set-Cookie2" title="en/Set-Cookie2">Set-Cookie2</a></code></td> <td> </td> <td> </td> <td><a class="external" href="http://www.ietf.org/rfc/rfc2965.txt" title="http://www.ietf.org/rfc/rfc2965.txt">RFC 2965</a></td> </tr> <tr> <td><code>Strict-Transport-Security</code></td> <td> </td> <td><a href="/en/Security/HTTP_Strict_Transport_Security" title="en/Security/HTTP Strict Transport Security">HTTP Strict Transport Security</a></td> <td><a class="external" href="http://tools.ietf.org/html/draft-hodges-strict-transport-sec-02" title="http://tools.ietf.org/html/draft-hodges-strict-transport-sec-02">IETF reference</a></td> </tr> <tr> <td><code>TCN</code></td> <td> </td> <td><a href="/en/HTTP/Content_negotiation" title="en/HTTP/Content negotiation">HTTP Content Negotiation</a></td> <td>RFC 2295, §8.5</td> </tr> <tr> <td><code><a href="/en/HTTP/Headers/TE" title="en/TE">TE</a></code></td> <td> </td> <td> </td> <td> </td> </tr> <tr> <td><code><a href="/en/HTTP/Headers/Trailer" title="en/Trailer">Trailer</a></code></td> <td>lists the headers that will be transmitted after the message body, in a trailer block. This allows servers to compute some values, like <code>Content-MD5:</code> while transmitting the data. Note that the <code>Trailer:</code> header must not list the <code>Content-Length:,</code> <code>Trailer:</code> or <code>Transfer-Encoding:</code> headers.</td> <td> </td> <td><a class="external" href="http://tools.ietf.org/html/rfc2616#section-14.40" title="http://tools.ietf.org/html/rfc2616#section-14.40">RFC 2616, §14.40</a></td> </tr> <tr> <td><code><a href="/en/HTTP/Headers/Transfer-Encoding" title="en/Transfer-Encoding">Transfer-Encoding</a></code></td> <td> </td> <td> </td> <td> </td> </tr> <tr> <td><code><a href="/en/HTTP/Headers/Upgrade" title="en/Upgrade">Upgrade</a></code></td> <td> </td> <td> </td> <td> </td> </tr> <tr> <td><code><a href="/en/HTTP/Content_negotiation#The_User-Agent.3a_header" title="https://developer.mozilla.org/en/HTTP/Content_negotiation#The_User-Agent.3a_header">User-Agent</a></code></td> <td> </td> <td>for Gecko's user agents see the <a href="/En/User_Agent_Strings_Reference" title="En/User Agent Strings Reference">User Agents Reference</a></td> <td> </td> </tr> <tr> <td><code>Variant-Vary</code></td> <td> </td> <td><a href="/en/HTTP/Content_negotiation" title="en/HTTP/Content negotiation">HTTP Content Negotiation</a></td> <td>RFC 2295, §8.6</td> </tr> <tr> <td><code><a href="/en/HTTP/Content_negotiation#The_Vary.3a_response_header" title="https://developer.mozilla.org/en/HTTP/Content_negotiation#The_Vary.3a_response_header">Vary</a></code></td> <td>lists the headers used as criteria for choosing a specific content by the web server. This server is important for efficient and correct caching of the resource sent.</td> <td><a href="/en/HTTP/Content_negotiation" title="https://developer.mozilla.org/en/Content_negotiation">HTTP Content Negotiation</a> &amp; <a href="/en/HTTP_Caching_FAQ" title="en/HTTP Caching FAQ">HTTP Caching FAQ</a></td> <td> </td> </tr> <tr> <td><code><a href="/en/HTTP/Headers/Via" title="en/Via">Via</a></code></td> <td> </td> <td> </td> <td> </td> </tr> <tr> <td><code><a href="/en/HTTP/Headers/Warning" title="en/Warning">Warning</a></code></td> <td> </td> <td> </td> <td> </td> </tr> <tr> <td><code><a href="/en/HTTP/Headers/WWW-Authenticate" title="en/WWW-Authenticate">WWW-Authenticate</a></code></td> <td> </td> <td> </td> <td> </td> </tr> <tr> <td><code>X-Content-Duration</code></td> <td> </td> <td><a href="/en/Configuring_servers_for_Ogg_media" title="https://developer.mozilla.org/en/Configuring_servers_for_Ogg_media">Configuring servers for Ogg media</a></td> <td> </td> </tr> <tr> <td><code>X-Content-Security-Policy</code></td> <td> </td> <td>Using <a href="/en/Security/CSP/Using_Content_Security_Policy" title="en/Security/CSP/Using Content Security Policy">Content Security Policy</a></td> <td> </td> </tr> <tr> <td><code>X-DNSPrefetch-Control</code></td> <td> </td> <td><a href="/En/Controlling_DNS_prefetching" title="En/Controlling DNS prefetching">Controlling DNS prefetching</a></td> <td> </td> </tr> <tr> <td><code>X-Frame-Options</code></td> <td> </td> <td><a href="/en/The_X-FRAME-OPTIONS_response_header" title="en/The X-FRAME-OPTIONS response header">The XFrame-Option Response Header</a></td> <td> </td> </tr> <tr> <td><code>X-Requested-With</code></td> <td>Often used with the value "XMLHttpRequest" when it is the case</td> <td> </td> <td>Not standard</td> </tr> </tbody>
</table>
<h2 id="Notes">Notes</h2>
<div class="geckoVersionNote"> <p>{{ gecko_callout_heading("5.0") }}</p> <p>The Keep-Alive request header is not sent by Gecko 5.0 {{ geckoRelease("5.0") }}; previous versions did send it but it was not formatted correctly, so the decision was made to remove it for the time being. The {{ httpheader("Connection") }} or {{ httpheader("Proxy-Connection") }} header is still sent, however, with the value "keep-alive".</p>
</div>
<h2 id="See_also">See also</h2>
<p><a class="external" href="http://en.wikipedia.org/wiki/List_of_HTTP_header_fields">Wikipedia page on List of HTTP headers</a></p>
<p>{{ languages( { "ja": "ja/HTTP/Headers"} ) }}</p>
Revert to this revision